On 11/27/2006 1:52 PM, Jerry Whitteridge wrote:
You could implement a RACF exit at ICHRCX02. Allow access under the
following conditions:
1) No RACF Rule exists to protect the dataset
2) Dataset is on Tape
3) Read access was requested.
This relies on PROTECTALL being active to fully secure the inhouse data.
Rather than an exit, you could also use the new z/OS R8 tape security
options in SYS1.PARMLIB(DEVSUPxx). These options (TAPEAUTHDSN,
TAPEAUTHRC4, TAPEAUTHRC8) support all those checks except number 3.
Walt Farrell, CISSP
z/OS Security Design, IBM
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
